Dim con As SqlConnection
con = New SqlConnection("server=chinna; uid=sa; pwd=136018@h; database=icms")
con.Open()
Dim cmd As SqlCommand
cmd = New SqlCommand("select pass from personal where idno=" & TextBox1.Text, con)
cmd.CommandType开发者_JS百科 = CommandType.Text
Dim rdr As SqlDataReader
rdr = cmd.ExecuteReader
If rdr.Read() Then
TextBox2.Text = rdr.ToString()
Response.Redirect("default.aspx")
Else
MsgBox("incorrect password")
You need to use parameters in your query:
cmd = New SqlCommand("select pass from personal where idno=@param", con)
cmd.Parameters.AddWithValue("param", TextBox1.Text);
Use ExecuteScalar
instead of ExecuteReader
.
Dim password As String
password = cmd.ExecuteScalar.ToString()
FYI, storing passwords in plain text and comparing like this is VERY bad practice. You should be encrypting the passwords with some one-way salted encryption and then doing the same on verification then comparing the encrypted values.
You are missing the DataSource assignment.
Add GridView1.DataSource = rdr
before you call DataBind.
Your If block should look like:
If rdr.Read() Then
GridView1.Visible = True
GridView1.DataSource = rdr
GridView1.DataBind()
End If
Should be
cmd = New SqlCommand("select pass from personal where idno='" & TextBox1.Text & "'", con)
beyond that code seems for ASP.net. We can not execute MsgBox in VB.net that can appear on client browser.
use HasRows
on rdr and set DataSource
for GridView1
Dim rdr As SqlDataReader
rdr = cmd.ExecuteReader()
If rdr.HasRows Then
GridView1.Visible = True
GridView1.DataSource = rdr
GridView1.DataBind()
End If
What is your error or are you just getting a null for rdr?
I don't see an outpout paramenter. You need one. You only have an input parameter.
- You need to somehow mark that the user was logged in, using a Session variable or a login identity. Otherwise, anyone can go to the logged in version of the page by simply navigating directly to it.
MsgBox(
is not valid in asp.net, because it would display a message on the server, not on the client. Try using aLabel
on the page to display error messages by setting its text.- What is the problem you are having? Does it just "not work"? Does it not validate your password correctly? Do you get an exception of some sort? Can you post the results?
精彩评论